Skip to content

Configure DOCKER_AUTH_CONFIG

WARNING: Failed to pull image with policy "Always": image pull failed: rpc error: code = Unknown desc = reading manifest latest-alpine in docker.io/hadolint/hadolint: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
ERROR: Job failed: prepare environment: waiting for pod running: pulling image "hadolint/hadolint:latest-alpine": image pull failed: rpc error: code = Unknown desc = reading manifest latest-alpine in docker.io/hadolint/hadolint: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit. Check https://docs.gitlab.com/runner/shells/index.html#shell-profile-loading for more information

Configure DOCKER_AUTH_CONFIG with bot account for project maybe in config.toml or with secret vault

https://github.com/gitlabhq/gitlabhq/blob/master/doc/ci/docker/using_docker_images.md#configuring-a-runner

https://docs.gitlab.com/ee/ci/docker/authenticate_registry.html#kubernetes

or

[[runners]]
  ...
  executor = "kubernetes"
  [runners.kubernetes]
    image = "alpine:3.12"
    privileged = true
    [[runners.kubernetes.volumes.config_map]]
      name = "docker-client-config"
      mount_path = "/root/.docker/config.json"
      # If you are running GitLab Runner 13.5
      # or lower you can remove this
      sub_path = "config.json"

or using vault:

https://developer.hashicorp.com/vault/docs/platform/k8s/vso/examples

# Apply a VaultStaticSecret which populates the k8s secret named 'myregistryKey' in the applications namespace
# Note: this Secret uses the `default` VaultAuthMethod.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  namespace: awesomeapps
  name: vault-kv-app
spec:
  type: kv-v2
  mount: kvv2
  path: docker/config
  # dest k8s secret
  destination:
    name: myregistryKey
    create: true
    type: "kubernetes.io/dockerconfigjson"
---
# Example pod from
# https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
apiVersion: v1
kind: Pod
metadata:
  name: foo
  namespace: awesomeapps
spec:
  containers:
    - name: foo
      image: janedoe/awesomeapp:v1
  imagePullSecrets:
   - name: myregistrykey
Edited by Sébastien Heurtematte
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent